CN112566128B - Wireless router management and control method based on mac address - Google Patents
Wireless router management and control method based on mac address Download PDFInfo
- Publication number
- CN112566128B CN112566128B CN202110222842.1A CN202110222842A CN112566128B CN 112566128 B CN112566128 B CN 112566128B CN 202110222842 A CN202110222842 A CN 202110222842A CN 112566128 B CN112566128 B CN 112566128B
- Authority
- CN
- China
- Prior art keywords
- historical
- data
- address
- validity
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Abstract
The invention provides a wireless router management and control method based on a mac address, and relates to the technical field of routers. In the present invention, first, a target mac address configured in advance for a wireless router is acquired. Secondly, it is determined whether the target media access control address belongs to a legitimate media access control address, wherein the legitimate collusion access control address includes an identifier of three bytes allocated by the target registration authority and an identifier of three bytes allocated by the production authority of the wireless router. And then, if the target media access control address does not belong to a legal media access control address, performing disconnection operation on the network port of the wireless router. Based on the method, the problem of poor control effect on the wireless router in the prior art can be solved.
Description
Technical Field
The invention relates to the technical field of routers, in particular to a wireless router management and control method based on mac addresses.
Background
When the wireless router is produced, a burning firmware is needed to be burnt into a FLASH FLASH memory of the router, and then the whole system can be normally operated and used.
However, the inventor has found that in the prior art, the burning firmware has a relatively large security secret, for example, if the burning firmware is streamed out or read out from the FLASH by a malicious person, the burning firmware can be copied to other wireless router boards for pirate production, and thus, the problem of poor control effect on the wireless router exists.
Disclosure of Invention
In view of the above, an objective of the present invention is to provide a mac address-based method for managing and controlling a wireless router, so as to solve the problem of poor management and control effect of the wireless router in the prior art.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
a wireless router management and control method based on mac addresses comprises the following steps:
acquiring a target media access control address configured aiming at a wireless router in advance;
determining whether the target media access control address belongs to a legitimate media access control address, wherein the legitimate collusion access control address includes an identifier of three bytes allocated by a target registration authority and an identifier of three bytes allocated by a production authority of the wireless router;
and if the target media access control address does not belong to a legal media access control address, performing disconnection operation on the network port of the wireless router, wherein when the network port is not disconnected, the wireless router performs data interaction with other network equipment through the network port.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, the method further includes:
creating an address validity monitoring process;
starting the address validity monitoring process to execute target monitoring operation;
wherein the target monitoring operation comprises:
acquiring a target media access control address configured aiming at a wireless router in advance; judging whether the target media access control address belongs to a legal media access control address or not; and if the target media access control address does not belong to a legal media access control address, disconnecting the network port of the wireless router.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, the step of starting the address validity monitoring process includes:
judging whether a monitoring process starting triggering instruction is acquired, wherein the monitoring process starting triggering instruction is used for triggering the starting of the address validity monitoring process;
and if the monitoring process starting triggering instruction is obtained, starting the address validity monitoring process based on the monitoring process starting triggering instruction.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, the step of determining whether to acquire a monitoring process start trigger instruction includes:
judging whether the current starting of the wireless router belongs to the first starting;
and if the current start of the wireless router belongs to the first start, determining to acquire a monitoring process start triggering instruction.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, the step of determining whether to acquire a trigger instruction for starting a monitoring process further includes:
and if the current start of the wireless router does not belong to the first start, determining that a monitoring process start triggering instruction is not obtained.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, the step of determining whether to acquire a trigger instruction for starting a monitoring process further includes:
if the current start of the wireless router does not belong to the first start, judging whether the burning firmware of the wireless router is subjected to target updating operation, wherein the target updating operation is used for updating the burning firmware when being executed;
and if the burning firmware of the wireless router is not subjected to target updating operation, determining that a monitoring process starting triggering instruction is not obtained.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, the step of determining whether to acquire a trigger instruction for starting a monitoring process further includes:
if the burning firmware of the wireless router is executed with target updating operation, historical address validity judging data of the wireless router are obtained, wherein each piece of historical address validity judging data is generated based on the result of judging whether the historical media access control address of the wireless router belongs to the legal media access control address every time historically;
and determining whether a monitoring process starting triggering instruction is acquired or not based on the historical address validity judgment data.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, the step of determining whether to acquire a monitoring process start trigger instruction based on the historical address validity determination data includes:
based on the generation time information of the historical address validity judging data, sequencing a plurality of pieces of historical address validity judging data according to the sequence of time from morning to evening to obtain corresponding historical address validity judging data sequences;
determining a generation time difference value between generation time information of two adjacent pieces of history address validity judgment data in the history address validity judgment data sequence;
based on the sequence of the validity judgment data of each historical address in the validity judgment data sequence of the historical addresses, sequencing a plurality of generated time difference values to generate a time difference value sequence;
calculating the mean value of the generated time difference values in the generated time difference value sequence to obtain the corresponding mean value of the time difference values;
determining a corresponding time difference threshold value based on the time difference average value;
acquiring a generation time difference value larger than the time difference value threshold from the generation time difference value sequence, and taking the generation time difference value as a target generation time difference value;
taking the historical address validity judging data corresponding to the target generation time difference value as first candidate historical address validity judging data;
based on the sequence of the corresponding target generation time difference values in the generation time difference value sequence, sequencing the first candidate historical address validity judgment data to obtain a corresponding first candidate historical address validity judgment data sequence;
determining a data difference value between data representation contents of two adjacent sets of historical address validity judgment data in the historical address validity judgment data sequence, wherein when the data representation contents of the two adjacent sets of historical address validity judgment data are the same, the corresponding data difference value is a first numerical value, and when the data representation contents of the two adjacent sets of historical address validity judgment data are different, the corresponding data difference value is a second numerical value;
based on the sequence of the validity judgment data of each historical address in the data sequence of validity judgment of the historical address, sequencing a plurality of data difference values to generate a corresponding data difference value sequence;
continuously screening the data difference value sequence to obtain target data difference values, and forming a corresponding second candidate historical address validity judgment data sequence based on the later historical address validity judgment data in the two adjacent pieces of historical address validity judgment data corresponding to each target data difference value;
selecting a candidate historical address validity judging data sequence with more legal historical address validity judging data with data representation contents being illegal from the first candidate historical address validity judging data sequence and the second candidate historical address validity judging data sequence as a representative historical address validity judging data sequence;
based on the time range region of the generation time information of the candidate historical address validity judgment data included in the representative historical address validity judgment data sequence, finding a corresponding target number of pieces of reference historical address validity judgment data in a target database to form a reference historical address validity judgment data sequence, wherein the target number is the number of the candidate historical address validity judgment data included in the representative historical address validity judgment data sequence, the target database is generated based on the result of historically judging whether the historical media access control addresses of a plurality of wireless routers belong to legal media access control addresses each time, the plurality of wireless routers comprise the wireless router, and the reference historical address validity judgment data do not comprise the candidate historical address validity judgment data;
determining whether the candidate historical address validity judging data and the reference historical address validity judging data at the corresponding positions in the candidate historical address validity judging data sequence and the reference historical address validity judging data sequence are the same or not;
counting the number of the candidate historical address validity judging data and the reference historical address validity judging data at the corresponding positions in the candidate historical address validity judging data sequence and the reference historical address validity judging data sequence to obtain a first number;
determining whether a monitoring process starting triggering instruction is acquired or not based on the first number and a predetermined number threshold, wherein when the first number is greater than or equal to the number threshold and the number of reference historical address validity determination data of which the data representation content is legal in the reference historical address validity determination data sequence is greater than the number of reference historical address validity determination data of which the data representation content is illegal, it is determined that the monitoring process starting trigger instruction is not acquired, and when the first quantity is smaller than the quantity threshold or the quantity of the reference historical address legality judging data with the data representation content being legal in the reference historical address legality judging data sequence is not larger than the quantity of the reference historical address legality judging data with the data representation content being illegal, determining to acquire the monitoring process starting triggering instruction.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, the step of determining whether to acquire a monitoring process start trigger instruction based on the historical address validity determination data includes:
based on the generation time information of the historical address validity judging data, sequencing a plurality of pieces of historical address validity judging data according to the sequence of time from morning to evening to obtain corresponding historical address validity judging data sequences;
based on the continuity of the data representation content of the historical address validity judging data, carrying out segmentation processing on the historical address validity judging data sequence to obtain at least two historical address validity judging data sets;
acquiring at least two historical validity judging data quantities of the at least two historical address validity judging data sets, and generating a historical validity judging data quantity set of the at least two historical validity judging data quantities;
based on the time range region of the generation time information of the historical address validity judgment data included in the historical address validity judgment data sequence, finding corresponding target quantity reference historical address validity judgment data in a target database to form a reference historical address validity judgment data sequence, wherein the target quantity is the quantity of the historical address validity judgment data included in the historical address validity judgment data sequence, the target database is generated based on the result of judging whether the historical media access control addresses of a plurality of wireless routers belong to legal media access control addresses at each historical time, the plurality of wireless routers comprise the wireless routers, and the reference historical address validity judgment data do not include the historical address validity judgment data;
based on the continuity of the data representation content of the reference historical address validity judging data, carrying out segmentation processing on the reference historical address validity judging data sequence to obtain at least two reference historical address validity judging data sets;
acquiring at least two reference historical validity judging data quantities of the at least two reference historical address validity judging data sets, and generating a reference validity judging data quantity set of the at least two reference historical validity judging data quantities;
determining the number of target historical validity judging data in the historical validity judging data number set, and determining a target historical address validity judging data set in the at least two historical address validity judging data sets according to the number of the target historical validity judging data;
determining a first reference historical legitimacy determination data quantity among the at least two reference historical legitimacy determination data quantities of the reference legality determination data quantity set, and calculating a quantity difference between the target historical legitimacy determination data quantity and the first reference historical legitimacy determination data quantity;
acquiring a quantity threshold corresponding to the quantity difference, determining the quantity of other reference history legality judging data which is not used as the quantity of the first reference history legality judging data in the reference legality judging data quantity set when the quantity difference is larger than or equal to the quantity threshold, and determining the quantity of second reference history legality judging data in the quantity of other reference history legality judging data;
merging the first reference historical validity determination data quantity and the second reference historical validity determination data quantity to obtain a target reference historical validity determination data quantity corresponding to the target historical validity determination data quantity, wherein the difference between the sum of the first reference historical validity determination data quantity and the second reference historical validity determination data quantity and the target historical validity determination data quantity is smaller than the quantity threshold;
determining a target reference historical address validity judgment data set in the at least two reference historical address validity judgment data sets according to the target reference historical address validity judgment data quantity, and counting the quantity proportion of first reference historical address validity judgment data included in the target reference historical address validity judgment data set, wherein the data representation content of the first reference historical address validity judgment data is legal;
calculating the data similarity of the historical address validity judging data included in the target historical address validity judging data set and the reference historical address validity judging data included in the target reference historical address validity judging data set;
and if the number ratio is greater than a ratio threshold value and the data similarity is greater than a similarity threshold value, determining that a monitoring process starting triggering instruction is not obtained.
In a preferred option of the embodiment of the present invention, in the method for managing and controlling a wireless router based on a mac address, after the step of performing the disconnection operation on the network port of the wireless router is performed, the method further includes:
judging whether the target media access control address of the wireless router is updated or not to form a new media access control address;
judging whether the new media access control address belongs to a legal media access control address or not;
and if the new media access control address belongs to a legal media access control address, stopping executing port disconnection operation on the network port of the wireless router.
The invention provides a wireless router management and control method based on mac address, which judges whether the target media access control address of the wireless router belongs to the legal media access control address or not, and executes disconnection operation to the network port of the wireless router when the target media access control address does not belong to the legal media access control address. Therefore, the wireless router using the stolen burning firmware cannot have a legal media access control address, so that the wireless router using the stolen burning firmware is disconnected, data interaction between the wireless router and other network equipment can be prevented, the burning firmware can be effectively prevented from being stolen, and the problem that the control effect of the wireless router in the prior art is poor is solved.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
Fig. 1 is a block diagram of a wireless router according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a mac address-based wireless router management method according to an embodiment of the present invention including steps.
Fig. 3 is a block diagram of a mac address-based wireless router management apparatus according to an embodiment of the present invention.
Icon: 10-a wireless router; 12-a memory; 14-a processor; 100-a wireless router management and control device based on mac address; 110-a media access control address acquisition module; 120-address validity judging module; 130-port disconnection operation execution module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a wireless router 10, which may include a memory 12, a processor 14, and a mac address-based wireless router management apparatus 100.
Wherein the memory 12 and the processor 14 are electrically connected directly or indirectly to realize data transmission or interaction. For example, they may be electrically connected to each other via one or more communication buses or signal lines. The mac-address-based wireless router administration apparatus 100 includes at least one software function module that can be stored in the memory 12 in the form of software or firmware (firmware). The processor 14 is configured to execute executable computer programs stored in the memory 12, for example, software functional modules and computer programs included in the mac-address-based wireless router management apparatus 100, so as to implement a mac-address-based wireless router management method provided by an embodiment of the present invention (as described below).
Alternatively, the Memory 12 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like.
The Processor 14 may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), a System on Chip (SoC), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components.
It is understood that the structure shown in fig. 1 is only an illustration, and the wireless router 10 may further include more or less components than those shown in fig. 1, have a different configuration from that shown in fig. 1, and may further include a communication unit for information interaction with other devices (such as a terminal device or a server), for example.
With reference to fig. 2, an embodiment of the present invention further provides a mac address-based wireless router management and control method applicable to the wireless router 10. Wherein the method steps defined by the flow related to the mac address based wireless router management method can be implemented by the wireless router 10.
The specific process shown in FIG. 2 will be described in detail below.
Step S110, a target media access control address configured for the wireless router in advance is obtained.
In this embodiment, the wireless router may acquire a target medium access control address (mac) configured in advance for the wireless router.
Step S120, determining whether the target mac address belongs to a valid mac address.
In this embodiment, after acquiring the target mac address based on step S110, the wireless router may determine whether the target mac address belongs to a legitimate mac address.
Wherein the legitimate collusion access control address comprises a three-byte Identifier (OUI) assigned by the target registration authority (i.e. the registration authority of IEEE) and a three-byte Identifier assigned by the production authority of the wireless router.
If the target mac address is determined not to belong to a valid mac address, step S130 may be executed.
Step S130, performing disconnection operation on the network port of the wireless router.
In this embodiment, after determining that the target mac address does not belong to a legitimate mac address based on step S120, the wireless router may perform a disconnection operation on a network port of the wireless router.
When the disconnection operation is not executed so that the network port is not disconnected, the wireless router can perform data interaction with other network equipment through the network port.
Based on the method, as the wireless router which uses the stolen burning firmware generally does not have a legal media access control address, the wireless router which uses the stolen burning firmware can be prevented from carrying out data interaction with other network equipment by executing disconnection operation, and the stealing of the burning firmware can be effectively avoided, thereby improving the problem of poor control effect on the wireless router in the prior art.
On the basis of the above example, in order to ensure the effective execution of the above steps S110 to S130, the mac address based wireless router management method may further include the following steps:
firstly, establishing an address validity monitoring process; secondly, starting the address validity monitoring process to execute target monitoring operation.
Among them, a Process (Process) is a running activity of a program in a computer on a certain data set, and is a basic unit for resource allocation and scheduling by a system. That is, the address validity monitoring process may refer to a computer program configured on the wireless router.
And, the target monitoring operation may include: acquiring a target media access control address configured aiming at a wireless router in advance; judging whether the target media access control address belongs to a legal media access control address or not; and if the target media access control address does not belong to a legal media access control address, disconnecting the network port of the wireless router. That is, the execution of steps S110 to S130 in the above example may be completed after the address legitimacy monitoring process is started.
Optionally, in the above example, a specific manner for starting the address validity monitoring process is not limited, and may be selected according to an actual application requirement.
For example, in an alternative example, the address validity monitoring process may be initiated based on the following steps:
firstly, judging whether a monitoring process starting triggering instruction is obtained or not, wherein the monitoring process starting triggering instruction is used for triggering the starting of the address validity monitoring process; secondly, if the monitoring process starting triggering instruction is obtained, starting the address validity monitoring process based on the monitoring process starting triggering instruction.
Optionally, in the above example, the specific manner of determining whether the monitoring process start trigger instruction is acquired is not limited, and may be selected according to actual application requirements.
For example, in an alternative example, whether the monitoring process start triggering instruction is acquired may be determined based on the following steps:
firstly, judging whether the current start (namely the current start) of the wireless router belongs to the first start; secondly, if the current start of the wireless router belongs to the first start, determining to acquire a monitoring process start triggering instruction (so that for each wireless router, the address validity monitoring process needs to be started when the wireless router is started for the first time).
Moreover, on the basis of the above example, in an alternative example, the step of determining whether the monitoring process start trigger instruction is acquired may further include: and if the current start of the wireless router does not belong to the first start, determining that a monitoring process start triggering instruction is not obtained.
In another alternative example, the step of determining whether the monitoring process start triggering instruction is acquired may further include:
firstly, if the current start (the current start) of the wireless router does not belong to the first start, judging whether the burning firmware of the wireless router is executed with target updating operation, wherein the target updating operation is executed to update the burning firmware (such as upgrading processing);
secondly, if the burning firmware of the wireless router is not subjected to target updating operation, determining that a monitoring process starting trigger instruction is not obtained.
On the basis of the above example, the step of determining whether the monitoring process start triggering instruction is acquired may further include:
firstly, if the burning firmware of the wireless router is executed with target updating operation, obtaining the validity judgment data of the historical address of the wireless router, wherein each piece of the validity judgment data of the historical address is generated based on the result of judging whether the historical media access control address of the wireless router belongs to the legal media access control address every time in history (namely the validity judgment data of the historical address comprises the legal media access control address and the validity judgment data of the historical address is illegal);
secondly, determining whether a monitoring process starting triggering instruction is obtained or not based on the historical address validity judgment data.
Optionally, in the above example, a specific manner of determining whether the monitoring process start trigger instruction is acquired based on the historical address validity determination data is not limited.
For example, in an alternative example, whether the monitoring process start triggering instruction is acquired may be determined based on the following steps:
the first step, based on the generation time information of the historical address validity judgment data, sequencing a plurality of pieces of historical address validity judgment data according to the sequence of time from morning to evening to obtain a corresponding historical address validity judgment data sequence;
a second step of determining a difference in generation time between generation time information of two adjacent pieces of the history address validity determination data in the history address validity determination data sequence (i.e., a time interval between generation times of two adjacent pieces of the history address validity determination data);
thirdly, based on the sequence of the validity judgment data of the historical addresses in the validity judgment data sequence of the historical addresses, sequencing a plurality of generated time difference values to generate a time difference value sequence;
fourthly, calculating the mean value of the generated time difference values in the generated time difference value sequence to obtain the corresponding mean value of the time difference values;
fifthly, determining a corresponding time difference threshold value based on the time difference average value (for example, the time difference average value can be used as the time difference threshold value; for example, the time difference average value can be multiplied by a weight coefficient to obtain the time difference threshold value, wherein the weight coefficient can be generated based on configuration operation of a user according to actual application requirements, such as 0.7);
sixthly, acquiring a generation time difference value larger than the time difference value threshold from the generation time difference value sequence as a target generation time difference value;
a seventh step of using the historical address validity judgment data corresponding to the target generation time difference value as first candidate historical address validity judgment data (for example, the later one of the two corresponding adjacent pieces of historical address validity judgment data may be used as the first candidate historical address validity judgment data);
eighthly, sorting the first candidate historical address validity judging data based on the sequence of the corresponding target generation time difference value in the generation time difference value sequence to obtain a corresponding first candidate historical address validity judging data sequence;
ninth, determining a data difference value between data representation contents (namely, media access control address legality and historical address legality judgment data are illegal) of two adjacent sets of historical address legality judgment data in the historical address legality judgment data sequence, wherein when the data representation contents of the two adjacent sets of historical address legality judgment data are the same, the corresponding data difference value is a first numerical value (such as 1), and when the data representation contents of the two adjacent sets of historical address legality judgment data are different, the corresponding data difference value is a second numerical value (such as 0);
tenth, based on the sequence of the validity determination data of the historical addresses in the validity determination data sequence of the historical addresses, sorting the data difference values to generate a corresponding data difference value sequence;
performing continuous screening processing on the data difference value sequence to obtain a target data difference value (the target data difference value is a data difference value different from a previous data difference value), and forming a corresponding second candidate historical address validity judgment data sequence based on the next historical address validity judgment data in two adjacent historical address validity judgment data corresponding to each target data difference value;
a twelfth step of, in the first candidate historical address validity determination data series and the second candidate historical address validity determination data series, selecting a candidate historical address validity judging data sequence which comprises more historical address validity judging data with illegal data representation contents as a representative historical address validity judging data sequence (namely, if the first candidate historical address validity judging data sequence comprises more historical address validity judging data with illegal data representation contents, the first candidate historical address validity judging data sequence is used as the representative historical address validity judging data sequence;
a thirteenth step of finding a corresponding target number of pieces of reference history address validity determination data (that is, the generation time information of the reference history address validity determination data belongs to the time range region) in a target database based on the time range region of the generation time information of the candidate history address validity determination data included in the representative history address validity determination data sequence (that is, the lower limit value of the time range region is the earliest generation time information, and the upper limit value of the time range region is the latest generation time information), to form a reference history address validity determination data sequence, where the target number is the number of pieces of candidate history address validity determination data included in the representative history address validity determination data sequence, and the target database determines, based on each time in history, the number of pieces of history media access determination data of a plurality of wireless routers (which may include the wireless router 10 provided in the embodiment of the present invention) Generating a result of whether the control address belongs to a legal media access control address, the reference history address validity judgment data not including the candidate history address validity judgment data;
fourteenth, determining whether the candidate historical address validity judging data and the reference historical address validity judging data at the corresponding positions in the candidate historical address validity judging data sequence and the reference historical address validity judging data sequence are the same;
fifteenth, counting the number of the candidate historical address validity judging data and the reference historical address validity judging data at the corresponding positions in the candidate historical address validity judging data sequence and the reference historical address validity judging data sequence to obtain a first number;
sixthly, determining whether a monitoring process starting triggering instruction is obtained or not based on the first quantity and a predetermined quantity threshold (the quantity threshold can be generated based on configuration operation performed by a user according to actual application requirements and is not specifically limited herein), wherein when the first quantity is greater than or equal to the quantity threshold and the quantity of reference historical address validity judging data with data representation content legal in the reference historical address validity judging data sequence is greater than the quantity of reference historical address validity judging data with data representation content illegal, it is determined that the monitoring process starting triggering instruction is not obtained, and when the first quantity is less than the quantity threshold or the quantity of reference historical address validity judging data with data representation content legal in the reference historical address validity judging data sequence is not greater than the quantity of reference historical address validity judging data with data representation content illegal, and determining to obtain the monitoring process starting triggering instruction.
For another example, in another alternative example, whether the monitoring process start triggering instruction is acquired may be determined based on the following steps:
the first step, based on the generation time information of the historical address validity judgment data, sequencing a plurality of pieces of historical address validity judgment data according to the sequence of time from morning to evening to obtain a corresponding historical address validity judgment data sequence;
a second step of dividing the history address validity judging data sequence based on the continuity of the data representation content of the history address validity judging data (namely, when the data representation content of two adjacent history addresses and the validity judging data are different, dividing the two adjacent history addresses and the validity judging data once to divide the two adjacent history addresses and the validity judging data into different history address validity judging data sets) to obtain at least two history address validity judging data sets;
a third step of obtaining at least two historical validity determination data quantities of the at least two historical address validity determination data sets (that is, obtaining the quantity of the historical address validity determination data included in each of the historical address validity determination data sets, so that for the at least two historical address validity determination data sets, at least two historical validity determination data quantities can be obtained), and generating a historical validity determination data quantity set of the at least two historical validity determination data quantities (that is, the historical validity determination data quantity set includes at least two parameters, that is, the at least two historical validity determination data quantities);
fourthly, based on the time range region of the generation time information of the historical address validity judgment data included in the historical address validity judgment data sequence, finding a corresponding target number of pieces of reference historical address validity judgment data in a target database to form a reference historical address validity judgment data sequence, wherein the target number is the number of the historical address validity judgment data included in the historical address validity judgment data sequence, the target database is generated based on the result of judging whether the historical media access control addresses of the plurality of wireless routers belong to valid media access control addresses in each historical time, and the reference historical address validity judgment data does not include the historical address validity judgment data (in combination with the relevant description of the previous example, the description is omitted one by one);
fifthly, based on the continuity of the data representation content of the reference historical address validity judgment data, performing segmentation processing on the reference historical address validity judgment data sequence to obtain at least two reference historical address validity judgment data sets (in combination with the relevant description of the previous example, the description is omitted one by one);
a sixth step of obtaining at least two reference history validity determination data quantities of the at least two reference history address validity determination data sets, and generating a reference validity determination data quantity set of the at least two reference history validity determination data quantities (in combination with the related description of the foregoing example, the description is not repeated one by one);
a seventh step of determining a target historical validity determination data number (e.g., a historical validity determination data number with a smallest median value in the historical validity determination data number set or a smallest difference value with an average value) in the historical validity determination data number set, and determining a target historical address validity determination data set in the at least two historical address validity determination data sets according to the target historical validity determination data number (i.e., the target historical address validity determination data set includes the target historical address validity determination data number);
an eighth step of determining a first reference historical legitimacy determination data quantity (e.g., a reference legitimacy determination data quantity in which a difference between a median value in the reference legitimacy determination data quantity set or an average value is smallest) among the at least two reference historical legitimacy determination data quantities in the reference legitimacy determination data quantity set, and calculating a quantity difference between the target historical legitimacy determination data quantity and the first reference historical legitimacy determination data quantity;
a ninth step of determining, when the number difference is greater than or equal to a number threshold (the number threshold may be generated based on a configuration operation performed by a user according to an actual application requirement, and no particular reference is made herein), a number of other reference history validity determination data that is not the first reference history validity determination data number in the reference validity determination data number set, and determining a second reference history validity determination data number (such as a minimum value of the number of other reference history validity determination data) in the number of other reference history validity determination data;
a tenth step of merging the first reference historical validity determination data amount and the second reference historical validity determination data amount as a target reference historical validity determination data amount corresponding to the target historical validity determination data amount (i.e., a sum of the first reference historical validity determination data amount and the second reference historical validity determination data amount), wherein a difference between the sum of the first reference historical validity determination data amount and the second reference historical validity determination data amount and the target historical validity determination data amount is smaller than the number threshold;
a tenth step of determining a target reference historical address validity judgment data set from the at least two reference historical address validity judgment data sets according to the target reference historical validity judgment data quantity (that is, in the at least two reference historical address validity judgment data sets, the difference between the quantity of the reference historical address validity judgment data included in the target reference historical address validity judgment data set and the quantity of the target reference historical address validity judgment data is minimum), and counting the quantity proportion of first reference historical address validity judgment data included in the target reference historical address validity judgment data set, wherein the data representation content of the first reference historical address validity judgment data is legal;
a twelfth step of calculating data similarity between the history address validity determination data included in the target history address validity determination data set and the reference history address validity determination data included in the target reference history address validity determination data set (for example, one of the two data sets having less data may be used as a comparison set, and the other may be subjected to sliding window processing according to the data quantity of the comparison set as a sliding window length to obtain a plurality of subsets;
thirteenth, if the number ratio is greater than a ratio threshold (the ratio threshold may be generated based on a configuration operation performed by a user according to an actual application requirement), and the data similarity is greater than a similarity threshold (the similarity threshold may be generated based on a configuration operation performed by a user according to an actual application requirement), it is determined that the monitoring process start trigger instruction is not obtained (in other cases, it may be determined that the monitoring process start trigger instruction is obtained).
Further, on the basis of the above example, after the step S130 is executed, the mac address based wireless router management method further includes the following steps:
firstly, judging whether the target media access control address of the wireless router is updated or not to form a new media access control address; secondly, judging whether the new media access control address belongs to a legal media access control address or not; and then, if the new mac address belongs to a valid mac address, stopping performing a port disconnection operation on the network port of the wireless router (so that the wireless router can perform data interaction with other network devices through the network port, that is, the wireless router can be used normally).
With reference to fig. 3, an embodiment of the present invention further provides a mac address-based wireless router management and control apparatus 100 applicable to the wireless router 10. The mac address-based wireless router control apparatus 100 may include a mac address obtaining module 110, an address validity determining module 120, and a port disconnection operation executing module 130.
The mac address obtaining module 110 is configured to obtain a target mac address configured for the wireless router in advance. For the specific content, reference may be made to the explanation of step S110, which is not described in detail herein.
The address validity judging module 120 is configured to judge whether the target mac address belongs to a valid mac address, where the valid collusion mac address includes an identifier of three bytes allocated by the target registration authority and an identifier of three bytes allocated by the production authority of the wireless router. For the specific content, reference may be made to the explanation of step S120, which is not described in detail herein.
The port disconnection operation executing module 130 is configured to, if the target mac address does not belong to a valid mac address, execute a disconnection operation on a network port of the wireless router, where the wireless router performs data interaction with other network devices through the network port when the network port is not disconnected. For details, reference may be made to the explanation of step S130, and details are not repeated here.
In summary, the method for controlling a wireless router based on a mac address according to the present invention determines whether a target mac address of the wireless router belongs to a valid mac address, and performs a disconnection operation on a network port of the wireless router when the target mac address does not belong to the valid mac address. Therefore, the wireless router using the stolen burning firmware cannot have a legal media access control address, so that the wireless router using the stolen burning firmware is disconnected, data interaction between the wireless router and other network equipment can be prevented, the burning firmware can be effectively prevented from being stolen, and the problem that the control effect of the wireless router in the prior art is poor is solved.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (2)
1. A method for managing and controlling a wireless router based on a mac address is characterized by comprising the following steps:
acquiring a target media access control address configured aiming at a wireless router in advance;
determining whether the target media access control address belongs to a legitimate media access control address, wherein the legitimate collusion access control address includes an identifier of three bytes allocated by a target registration authority and an identifier of three bytes allocated by a production authority of the wireless router;
if the target media access control address does not belong to a legal media access control address, performing disconnection operation on a network port of the wireless router, wherein when the network port is not disconnected, the wireless router performs data interaction with other network equipment through the network port;
the method further comprises the following steps:
creating an address validity monitoring process;
starting the address validity monitoring process to execute target monitoring operation;
wherein the target monitoring operation comprises:
acquiring a target media access control address configured aiming at a wireless router in advance; judging whether the target media access control address belongs to a legal media access control address or not; if the target media access control address does not belong to a legal media access control address, disconnecting the network port of the wireless router;
wherein the step of starting the address validity monitoring process includes:
judging whether a monitoring process starting triggering instruction is acquired, wherein the monitoring process starting triggering instruction is used for triggering the starting of the address validity monitoring process;
if the monitoring process starting triggering instruction is obtained, starting the address validity monitoring process based on the monitoring process starting triggering instruction;
the step of judging whether the monitoring process starting triggering instruction is acquired or not comprises the following steps:
judging whether the current starting of the wireless router belongs to the first starting;
if the current starting of the wireless router belongs to the first starting, determining to acquire a monitoring process starting triggering instruction;
if the current start of the wireless router does not belong to the first start, judging whether the burning firmware of the wireless router is subjected to target updating operation, wherein the target updating operation is used for updating the burning firmware when being executed;
if the burning firmware of the wireless router is not subjected to target updating operation, determining that a monitoring process starting trigger instruction is not obtained;
if the burning firmware of the wireless router is executed with target updating operation, historical address validity judging data of the wireless router are obtained, wherein each piece of historical address validity judging data is generated based on the result of judging whether the historical media access control address of the wireless router belongs to the legal media access control address every time historically;
based on the generation time information of the historical address validity judging data, sequencing a plurality of pieces of historical address validity judging data according to the sequence of time from morning to evening to obtain corresponding historical address validity judging data sequences;
based on the continuity of the data representation content of the historical address validity judging data, carrying out segmentation processing on the historical address validity judging data sequence to obtain at least two historical address validity judging data sets;
acquiring at least two historical validity judging data quantities of the at least two historical address validity judging data sets, and generating a historical validity judging data quantity set of the at least two historical validity judging data quantities;
based on the time range region of the generation time information of the historical address validity judgment data included in the historical address validity judgment data sequence, finding corresponding target quantity reference historical address validity judgment data in a target database to form a reference historical address validity judgment data sequence, wherein the target quantity is the quantity of the historical address validity judgment data included in the historical address validity judgment data sequence, the target database is generated based on the result of judging whether the historical media access control addresses of a plurality of wireless routers belong to legal media access control addresses every time historically, and the reference historical address validity judgment data does not include the historical address validity judgment data;
based on the continuity of the data representation content of the reference historical address validity judging data, carrying out segmentation processing on the reference historical address validity judging data sequence to obtain at least two reference historical address validity judging data sets;
acquiring at least two reference historical validity judging data quantities of the at least two reference historical address validity judging data sets, and generating a reference validity judging data quantity set of the at least two reference historical validity judging data quantities;
determining the number of target historical validity judging data in the historical validity judging data number set, and determining a target historical address validity judging data set in the at least two historical address validity judging data sets according to the number of the target historical validity judging data;
determining a first reference historical legitimacy determination data quantity among the at least two reference historical legitimacy determination data quantities of the reference legality determination data quantity set, and calculating a quantity difference between the target historical legitimacy determination data quantity and the first reference historical legitimacy determination data quantity;
acquiring a quantity threshold corresponding to the quantity difference, determining the quantity of other reference history legality judging data which is not used as the quantity of the first reference history legality judging data in the reference legality judging data quantity set when the quantity difference is larger than or equal to the quantity threshold, and determining the quantity of second reference history legality judging data in the quantity of other reference history legality judging data;
merging the first reference historical validity determination data quantity and the second reference historical validity determination data quantity to obtain a target reference historical validity determination data quantity corresponding to the target historical validity determination data quantity, wherein the difference between the sum of the first reference historical validity determination data quantity and the second reference historical validity determination data quantity and the target historical validity determination data quantity is smaller than the quantity threshold;
determining a target reference historical address validity judgment data set in the at least two reference historical address validity judgment data sets according to the target reference historical address validity judgment data quantity, and counting the quantity proportion of first reference historical address validity judgment data included in the target reference historical address validity judgment data set, wherein the data representation content of the first reference historical address validity judgment data is legal;
calculating the data similarity of the historical address validity judging data included in the target historical address validity judging data set and the reference historical address validity judging data included in the target reference historical address validity judging data set;
and if the number ratio is greater than a ratio threshold value and the data similarity is greater than a similarity threshold value, determining that a monitoring process starting triggering instruction is not obtained.
2. The mac-address-based wireless router management method of claim 1, wherein after the step of performing the disconnection operation on the network port of the wireless router, the method further comprises:
judging whether the target media access control address of the wireless router is updated or not to form a new media access control address;
judging whether the new media access control address belongs to a legal media access control address or not;
and if the new media access control address belongs to a legal media access control address, stopping executing port disconnection operation on the network port of the wireless router.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110222842.1A CN112566128B (en) | 2021-03-01 | 2021-03-01 | Wireless router management and control method based on mac address |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110222842.1A CN112566128B (en) | 2021-03-01 | 2021-03-01 | Wireless router management and control method based on mac address |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112566128A CN112566128A (en) | 2021-03-26 |
| CN112566128B true CN112566128B (en) | 2021-05-11 |
Family
ID=75034881
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110222842.1A Active CN112566128B (en) | 2021-03-01 | 2021-03-01 | Wireless router management and control method based on mac address |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112566128B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105868878A (en) * | 2015-01-21 | 2016-08-17 | 阿里巴巴集团控股有限公司 | Method and device for MAC (Media Access Control) address risk identification |
| CN107967218A (en) * | 2017-12-26 | 2018-04-27 | 中原工学院 | Boundary value test method in industrial software on-the-spot test based on user's history data |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8989187B2 (en) * | 2010-06-04 | 2015-03-24 | Coraid, Inc. | Method and system of scaling a cloud computing network |
| CN105610844A (en) * | 2016-01-04 | 2016-05-25 | 上海斐讯数据通信技术有限公司 | Phishing network identification system and method |
| CN106790087B (en) * | 2016-12-23 | 2020-05-26 | 大连网月科技股份有限公司 | Method and device for preventing illegal secondary router access |
| CN107623754B (en) * | 2017-09-28 | 2020-07-10 | 武汉虹旭信息技术有限责任公司 | WiFi acquisition system and method based on authenticity MAC identification |
| CN108965241A (en) * | 2018-05-28 | 2018-12-07 | 清华大学 | Based on WLAN source address verification method |
-
2021
- 2021-03-01 CN CN202110222842.1A patent/CN112566128B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105868878A (en) * | 2015-01-21 | 2016-08-17 | 阿里巴巴集团控股有限公司 | Method and device for MAC (Media Access Control) address risk identification |
| CN107967218A (en) * | 2017-12-26 | 2018-04-27 | 中原工学院 | Boundary value test method in industrial software on-the-spot test based on user's history data |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112566128A (en) | 2021-03-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107679718B (en) | List allocation method, apparatus and computer-readable storage medium | |
| CN106294508B (en) | Brushing amount tool detection method and device | |
| EP3068095A2 (en) | Monitoring apparatus and method | |
| CN111064711B (en) | Block chain-based data stream detection method and device and server | |
| CN105791255A (en) | Method and system for identifying computer risks based on account clustering | |
| CN102510400B (en) | A kind of method of the suspectableness degree for determining user, device and equipment | |
| CN110166344B (en) | Identity identification method, device and related equipment | |
| CN105530138A (en) | Data monitoring method and data monitoring device | |
| EP3340567B1 (en) | Model for identifying attack propagation patterns in a monitored sensor-based system | |
| CN110033302A (en) | The recognition methods of malice account and device | |
| CN108605042B (en) | Method and apparatus for trust-based authentication in SDN clustering | |
| CN110909379A (en) | Storage cluster permission determination method, device, equipment and storage medium | |
| CN113486339A (en) | Data processing method, device, equipment and machine-readable storage medium | |
| CN111782383A (en) | Task allocation method, server, electronic terminal and computer readable storage medium | |
| CN111163173A (en) | Cluster configuration method and device, server and readable storage medium | |
| CN112566128B (en) | Wireless router management and control method based on mac address | |
| CN109547427A (en) | Black list user's recognition methods, device, computer equipment and storage medium | |
| CN117294497A (en) | Network traffic abnormality detection method and device, electronic equipment and storage medium | |
| CN113872951B (en) | Hybrid cloud security policy issuing method and device, electronic equipment and storage medium | |
| CN112181829B (en) | User distribution method, device, terminal and medium for AB experiment | |
| CN107292137B (en) | Method and device for determining object to be unlocked | |
| CN111143311B (en) | Inter-application association determination and log association search methods, devices, media and equipment | |
| CN110581842B (en) | DNS request processing method and server | |
| CN114218577A (en) | API risk determination method, device, equipment and medium | |
| CN109784035B (en) | Installation process tracking processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |